rl-docs-hub

Home · Apps · rl-main-infra · todo_api · todo_mobile

---

DB Schema

rl-main-infra is infrastructure code and does not own a relational application database schema.

What This Repo Treats as “State”

The equivalent of a schema here is the infrastructure state contract between discovery inventory, Pulumi configuration, and Pulumi state.

erDiagram
  DISCOVERY_INVENTORY ||--o{ NETWORK_RESOURCES : describes
  DISCOVERY_INVENTORY ||--o{ COMPUTE_RESOURCES : describes
  DISCOVERY_INVENTORY ||--o{ SERVICE_RESOURCES : describes
  DISCOVERY_INVENTORY ||--o{ GLOBAL_RESOURCES : describes

  PULUMI_CONFIG ||--|| IMPORT_POLICY : controls
  IMPORT_POLICY ||--o{ IMPORT_BATCH : scopes

  PULUMI_PROGRAM ||--o{ MANAGED_RESOURCES : imports
  PULUMI_PROGRAM ||--o{ REFERENCE_RESOURCES : reads

  MANAGED_RESOURCES ||--|| PULUMI_STATE : persisted_in
  REFERENCE_RESOURCES ||--|| LIVE_AWS : resolved_from

  IMPORT_LEDGER ||--o{ MANAGED_RESOURCES : records
  DRIFT_NOTES ||--o{ MANAGED_RESOURCES : annotates

State Data Sources

• Discovery inventory JSON:
  • /Users/admin/.openclaw/workspace/rl-main-infra/inventory/discovery.json
• Pulumi stack config:
  • /Users/admin/.openclaw/workspace/rl-main-infra/Pulumi.yaml
  • /Users/admin/.openclaw/workspace/rl-main-infra/Pulumi.dev.yaml
• External audit snapshots:
  • /Users/admin/.openclaw/workspace/aws-infra-audit/

Key Contracts and Constraints

1) Identity contract

• infra:accountId must equal discovery accountId.
• aws:region must equal discovery region.

Any mismatch fails fast to prevent wrong-account or wrong-region operations.

2) Ownership contract

• enableManagedImports=false → read-only data source mode.
• enableManagedImports=true → managed import mode for modeled resources.
• High-drift/high-blast-radius assets may stay reference-only until explicitly promoted.

3) Drift contract

• Non-authoritative mutable fields are ignored using targeted ignoreChanges.
• Destructive diffs (delete/replace) are treated as policy violations during import phases.

Downstream Datastores Detected (Workload Inventory)

From discovery/audit (not managed as app schema in this repo):

• DynamoDB tables: 13 (currently reference-oriented in services module)
• RDS instances: 0 detected in primary region during audit snapshot

Import Ledger Template (recommended)

Use this structure (kept in docs or ops runbook) to track controlled ownership adoption:

Resource Type	Resource ID	Import Phase	Imported?	Drift Exceptions	Notes
aws.ec2.Instance	i-025e303d34c599721	Phase 3	Pending/Done	userData ignored	jumphost
aws.ec2.Subnet	subnet-...	Phase 2	Pending/Done	none/justified	network baseline